>Number:         3763
>Category:       misc
>Synopsis:       /etc/security doesn't check /etc/profile
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    misc-bug-people (Misc Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 18 11:50:01 1997
>Last-Modified:
>Originator:     Chris Jones
>Organization:
-------------------------------------------------------------------------------
Chris Jones                                    cjones@rupert.honors.montana.edu
           Mad scientist in training...
"Is this going to be a stand-up programming session, sir, or another bug hunt?"
>Release:        1.2
>Environment:
	
System: NetBSD clydesdale.math.montana.edu 1.2G NetBSD 1.2G (CLYDESDALE) #2: Mon Jun 16 15:46:23 MDT 1997 cjones@clydesdale.math.montana.edu:/usr/src/sys/arch/i386/compile/CLYDESDALE i386


>Description:
The /etc/security script, which checks umask values for root, checks
/etc/csh.login, /etc/csh.cshrc, /root/.login, and /root/.cshrc for the
C shell.  For the Bourne shell, however, it only checks
/root/.profile, when /etc/profile should also be checked.
>How-To-Repeat:
	
>Fix:
--- etc/security.orig	Wed Jun 18 12:41:38 1997
+++ etc/security	Wed Jun 18 12:41:43 1997
@@ -178,7 +178,7 @@
 	cp /dev/null $OUTPUT
 	rhome=/root
 	umaskset=no
-	list="${rhome}/.profile"
+	list="/etc/profile ${rhome}/.profile"
 	for i in $list; do
 		if [ -f $i ] ; then
 			if egrep umask $i > /dev/null ; then
>Audit-Trail:
>Unformatted: